On Wed, Aug 08, 2018 at 01:39:02PM -0500, Alex ter Weele wrote:
> asignify appears to embed tweetnacl and blake2. Is that a concern?

Tweetnacl is intended to be embedded: "TweetNaCl is a self-contained
public-domain C library, so it can easily be integrated into
applications."

https://tweetnacl.cr.yp.to/

BLAKE2 is designed in a similar way, although they also offer a "full"
package with a build system, libb2. Looking at the list of users on
their web site, we already have lots of packages that embed BLAKE2. From
what I can tell, asignify doesn't use libb2.

https://github.com/BLAKE2